Increased fear of cyber-attacks and internal data breaches has made predictions that 2014 is the year of preventative and tactical measures to ensure corporate data assets are safe. Data masking should be included in those measures. According to Gartner,

“Security program managers need to take a strategic approach with tactical best-practice technology configurations in order to properly address the most common advanced targeted attack scenarios to increase both detection and prevention capabilities.”[1]

Without these measures, the cost of an attack or breach is growing every year. The Ponemon Institute posted in a recent study:

“The 2013 Cost of Cyber Crime Study states that the average annualized cost of cybercrime incurred by a benchmark sample of US organizations was $11.56 million, nearly 78% more than the cost estimated in the first analysis conducted 4 years ago.”[2]

Informatica believes that the best preventative measures include a layered approach for data security but without sacrificing agility or adding unnecessary costs. Data Masking delivers data-centric security with improved productivity and reduced overall costs.

Data Masking prevents internal data theft and abuse of sensitive data by hiding it from users. Data masking techniques include replacing some fields with similar-looking characters, masking characters (for example, “x”), substituting real last names with fictional last names and shuffling data within columns – to name a few. Other terms for data masking include data obfuscation, sanitization, scrambling, de-identification, and anonymization . Call it what you like, but without it – organizations may continue to expose sensitive data to those with mal intentions.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

Recently at Informatica World, 2010 in Washington, DC, Richard Clark was a featured speaker during one of the general sessions. He was the former Counterterrorism Czar, serving multiple presidencies in the White House, working for the Pentagon and the Intelligence Community, and is currently the Chairman of Good Harbor Consulting Services, LLC – a 360° Security Risk Management firm. There was no one better suited to discuss corporate information security and risk management where the entire theme of the event was Beyond Boundaries.(more…)

I recently visited a client running multiple SAP applications with three non-production copies per environment – a separate copy for Test, Development, and Training. When asked what data they were using for the non-production copies, they stated they preferred to use data from production because they were guaranteed to have the latest, up to date information which should eliminate any testing issues associated with the data itself.